Logicalis warns Islanders to be more vigilant about opening emails after UK Government data reveals 72% of security breaches are caused by fraudulent emails

Posted 20 April, 2017

A local IT firm is urging Channel Islanders to be more vigilant about opening emails after a UK government survey reveals fraudulent emails cause three quarters of security breaches.

The Cybersecurity Breaches Survey 2017 found the most common types of breaches are related to staff receiving fraudulent emails (72%), followed by viruses, spyware and malware (33%), people impersonating the organisation in emails or online (27%) and ransomware (17%).

Tom Bale, Business Development and Technical Director, Logicalis, said: “Fraudulent emails are an increasingly common way for cybercriminals to attack a business. As companies get better at securing their systems, people are becoming the weakest link.

“Fraudulent emails come in many forms. Sometimes they are generic, perhaps faking a well known company or brand; sometimes they are targeted. Spear phishing is the use of emails which appear like they come from a trusted source but are specifically designed to extract confidential data, or to elicit a payment.

“Spear phishing uses social engineering to gather personal data about the targets e.g. from LinkedIn or Facebook, or from company websites, that can be used to make the fraudulent email seem more realistic, and make it more likely that you will click it and follow its instructions.”

Six in ten companies surveyed who identified breaches also said it adversely impacted their organisation with 34% losing staff time dealing with the breach and 38% having to implement new protective measures.

Security breaches can also be costly. Among the 46% of businesses that detected security breaches in the last 12 months, the average business faced costs of £1,570 rising to £19,600 for the average large firm.

Tom said: “Training remains the key to equipping staff so they are better at recognizing fraudulent emails and know how to deal with them when they do receive them.

“Like everything else in security, it’s a matter of people, processes, technology, and policy. But don’t forget the people because if you forget to teach the people security, they will forget to secure the network.”

The Cybersecurity Breaches Survey 2017 was carried out by Ipsos MORI in partnership with the Institute of Criminology at the University of Portsmouth, and involved surveying 1523 UK businesses covering a range of industries.